Electronic Data Interchange (EDI)
The Textbook’s definition of Electronic Data Interchange (EDI) is: the computer-to-computer exchange of business data (i.e., documents) in structured formats that allow direct processing of those electronic documents by the receiving computer systems. However, reviewing the IT/IS existing literature, I found an alternative definition of EDI, that is more detailed, operational, and more accepted in practice. Electronic Data Interchange (EDI), in broad terms, represents the replacement of business, administrative or other organizational documentation by standard electronic messages, which are passed directly by telecommunications from one organization’s computer system to another without ever existing in paper form.
Historically, EDI was originated primarily for finance and trading purposes as a means of speeding up and automating the transfer of information. Following its success, it has expanded to include a wide variety of other information such as that relating to general business, accountancy, health, education, and so on. (Williams et al 1997)
In addition, EDI has been found to have an effect on auditing, where there are control problems related to determining the boundaries of legal responsibilities, the establishments of audit trails, systems security, and so on. However, the main concern for traditional auditors facing an EDI environment, is the apparent erosion of control through the lack of visible evidence. For example, it is impossible to place a grid stamp on an electronic document and provide an authorization signature. Furthermore, as EDI enables information to transcend organizational boundaries, business functions in two organizations may overlap so that an audit trail may become ambiguous or even lost. For example, the transfer of liability for, or ownership of, goods and associated information are vague and the organizational boundaries are blurred in areas where the use of electronic reservations and bookings in the air freight and shipping industries, the use of Automatic Teller Machines (ATMs) to withdraw money in banking and the delivery of goods for customers with an electronic dispatch advice. (Maingot, 1997)
According to Mehta (1998), many companies are starting to take advantage of the EDI technology either due to potential benefits offered by EDI or due to customer pressures, and there are a number of risks and exposures that businesses need to be aware of when considering leveraging this technology. To mention few, total dependency on the system, loss of confidentiality of data, unauthorized transactions and fraud, concentration of control, reliance on third parties, and the potential legal issues are all exposures, that the control considerations, would include a whole set of controls should minimize them
The Textbook’s definition of Electronic Data Interchange (EDI) is: the computer-to-computer exchange of business data (i.e., documents) in structured formats that allow direct processing of those electronic documents by the receiving computer systems. However, reviewing the IT/IS existing literature, I found an alternative definition of EDI, that is more detailed, operational, and more accepted in practice.
Electronic Data Interchange (EDI), in broad terms, represents the replacement of business, administrative or other organizational documentation by standard electronic messages, which are passed directly by telecommunications from one organization’s computer system to another without ever existing in paper form.
Historically, EDI was originated primarily for finance and trading purposes as a means of speeding up and automating the transfer of information. Following its success, it has expanded to include a wide variety of other information such as that relating to general business, accountancy, health, education, and so on. (Williams et al 1997)
In addition, EDI has been found to have an effect on auditing, where there are control problems related to determining the boundaries of legal responsibilities, the establishments of audit trails, systems security, and so on. However, the main concern for traditional auditors facing an EDI environment, is the apparent erosion of control through the lack of visible evidence. For example, it is impossible to place a grid stamp on an electronic document and provide an authorization signature. Furthermore, as EDI enables information to transcend organizational boundaries, business functions in two organizations may overlap so that an audit trail may become ambiguous or even lost. For example, the transfer of liability for, or ownership of, goods and associated information are vague and the organizational boundaries are blurred in areas where the use of electronic reservations and bookings in the air freight and shipping industries, the use of Automatic Teller Machines (ATMs) to withdraw money in banking and the delivery of goods for customers with an electronic dispatch advice. (Maingot, 1997)
According to Mehta (1998), many companies are starting to take advantage of the EDI technology either due to potential benefits offered by EDI or due to customer pressures, and there are a number of risks and exposures that businesses need to be aware of when considering leveraging this technology. To mention few, total dependency on the system, loss of confidentiality of data, unauthorized transactions and fraud, concentration of control, reliance on third parties, and the potential legal issues are all exposures, that the control considerations, would include a whole set of controls should minimize them